
55 matches found

CNNVD
added 2026/05/28 12:0 a.m. | 6 views

LinkAce Injection Vulnerability

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had an injection vulnerability. This vulnerability stemmed from the database configuration process allowing attackers to control databases by...

CVSS 8.1 | AI score 6 | EPSS 0.0021
Exploits 0 | References 2

CVE
added 2026/05/27 5:9 p.m. | 9 views

CVE-2026-45716

Budibase vulnerability CVE-2026-45716 affects the onboardUsers endpoint: when SMTP is not configured, POST /api/global/users/onboard allows a builder to create new global admin accounts by injecting attacker-controlled roles, returning the generated password in the response and enabling full priv...

CVSS 8.8 | AI score 6 | EPSS 0.00036
Exploits 0 | References 2

Snyk
added 2026/05/18 5:42 p.m. | 3 views

Improper Privilege Management

Overview: @budibase/worker is a Budibase background service. Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted requests to the affected endpoint, allowin...

CVSS 8.8 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 2

CNNVD
added 2025/11/29 12:0 a.m. | 2 views

OrangeHRM Code Injection Vulnerability

OrangeHRM is a human resource management system HRM from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. A code injection vulnerability exists in OrangeHRM versions 5.0 through 5.7, whi...

CVSS 9 | AI score 7.5 | EPSS 0.00132
Exploits 1 | References 2

RedhatCVE
added 2025/11/17 9:7 a.m. | 4 views

CVE-2021-4466

IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAILPW parameter, directly into system-level operations without...

CVSS 8.7 | AI score 8.5 | EPSS 0.00357
Exploits 0 | References 1

NVD
added 2025/11/14 11:15 p.m. | 1 views

CVE-2021-4466

IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAILPW parameter, directly into system-level operations without...

CVSS 8.7 | EPSS 0.00357
Exploits 0 | References 4

EUVD
added 2025/11/14 10:52 p.m. | 2 views

EUVD-2021-34717

IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAILPW parameter, directly into system-level operations without...

CVSS 8.7 | AI score 8 | EPSS 0.00357
Exploits 0 | References 5

RedhatCVE
added 2025/11/14 12:1 a.m. | 2 views

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

CVSS 6.5 | AI score 8.5 | EPSS 0.00347
Exploits 1 | References 1

OSV
added 2025/11/13 6:15 p.m. | 1 views

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

CVSS 6.5 | AI score 6.2 | EPSS 0.00347
Exploits 1 | References 4

Vulnrichment
added 2025/11/13 12:0 a.m. | 1 views

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

AI score 8.1 | EPSS 0.00347
Exploits 1 | References 4

CVE
added 2025/11/13 12:0 a.m. | 8 views

CVE-2025-60701

The CVE-2025-60701 issue affects the D-Link DIR-882 router, specifically firmware DIR882A1_FW102B02. The vulnerability stems from the prog.cgi function sub_433188 and the rc binary’s sub_448FDC, where user-supplied EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, and AccountName are stored ...

CVSS 6.5 | AI score 8.1 | EPSS 0.00347
Exploits 1 | References 4 | Affected Software 1

Positive Technologies
added 2025/11/13 12:0 a.m. | 3 views

PT-2025-46884

Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 Router firmware versions prior to DIR882A1 FW102B02. Description: A command injection issue exists in the D-Link DIR-882 Router firmware. The sub 433188 function within the prog.cgi binary stores user-provided email configuration...

CVSS 6.5 | AI score 8.2 | EPSS 0.00347
Exploits 1 | References 7

CNVD
added 2025/10/31 12:0 a.m. | 1 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Command Execution Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Command Execution Vulnerability A command execution vulnerability exists due to...

CVSS 10 | AI score 7.8 | EPSS 0.00206
Exploits 0 | References 1

CNNVD
added 2025/10/26 12:0 a.m. | 2 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Command Execution Vulnerability A command execution vulnerability exists due to...

CVSS 10 | AI score 7.7 | EPSS 0.00206
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-6092

Malware in sbrugna...

CVSS 4.3 | AI score 5 | EPSS 0.00215
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-8841

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00675
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2021-21942

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00322
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-20347

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00111
Exploits 1 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-28342

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.7 | EPSS 0.00146
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-17108

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00142
Exploits 2 | References 6